PT-2015-1472 · Adobe+3 · Flash Player+3

Published: 2015-06-10 · Updated: 2025-11-17 · CVE-2015-5119

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Adobe Flash Player versions 11.x through 11.2.202.468
Adobe Flash Player versions 13.x through 13.0.0.296
Adobe Flash Player versions 14.x through 18.0.0.194

Description

The issue is a use-after-free vulnerability in the ByteArray class in the ActionScript 3 implementation. Remote attackers can exploit it to execute arbitrary code or cause a denial of service via crafted Flash content that overrides a valueOf function. The vulnerability was exploited in the wild in July 2015.

Recommendations

For Adobe Flash Player versions 11.x through 11.2.202.468, update to a version that contains a fix for this issue.
For Adobe Flash Player versions 13.x through 13.0.0.296, update to a version that contains a fix for this issue.
For Adobe Flash Player versions 14.x through 18.0.0.194, update to a version that contains a fix for this issue.

As a temporary workaround, consider restricting access to crafted Flash content that overrides the valueOf function in the ByteArray class until a patch is available.

Exploit · Fix · DoS · RCE · Buffer Overflow · Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2015-1526
ALT-PU-2015-1596
ALT-PU-2015-1674
BDU:2015-10660
BDU:2015-10661
CVE-2015-5119
MGASA-2015-0273
OPENSUSE-SU-2015_1207-1
RHSA-2015:1214
RHSA-2015_1214
SUSE-SU-2015:1211-1
SUSE-SU-2015_1211-1
SUSE-SU-2015_1214-1

Affected Products

Alt Linux
Flash Player
Red Hat
Suse